* Can netfilter-ebpf modify packets ?
@ 2023-12-18 6:26 D. Wythe
0 siblings, 0 replies; only message in thread
From: D. Wythe @ 2023-12-18 6:26 UTC (permalink / raw)
To: pablo, kadlec, fw, coreteam, pabeni, ast, netfilter-devel, bpf
Hello everyone,
I've noticed that it's not possible to modify packets via netfilter-ebpf
right now. I'm curious if this is by design.
Currently, I've observed some issues, such as:
1. The dynptr obtained through bpf_dynptr_from_skb in the netfilter-ebpf
prog is read-only.
2. In addition to modification, applications may also need to delete or
append some data in the skb, which dynptr_write cannot meet.
3. Modifying packets involves recalculating csum, or updating
transparent header, etc.
4. The BPF_PROG_TYPE_SCHED_ACT provides a large number of helpers that
can meet various packet modification scenarios. However, due to arg_type
type checks(ARG_PTR_TO_CTX), we cannot use them directly in netfilter yet.
Looking forward to any feedback.
Best wishes,
D. Wythe
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2023-12-18 6:26 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-12-18 6:26 Can netfilter-ebpf modify packets ? D. Wythe
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox